Aviatrix Secure Edge - Specifications
Secure Edge
This part describes the specifications for deploying Aviatrix Secure Edge.
Aviatrix Secure Edge connects your on-premises sites to a multi-cloud network.
Aviatrix Secure Edge VNF.
Flavors
The available sizes of flavors for Secure Edge are shown below. These depend on the software versions selected.
 | Standard | DPDK |
---|---|---|
Small | 2 vCPU, 4 GB Mem, 64 GB Disk | - |
Medium | 4 vCPU, 8 GB Mem, 64 GB Disk | - |
Large | 8 vCPU, 16 GB Mem, 64 GB Disk | - |
In a dual topology, a flavor can be selected for each virtual device making up a Virtual Network Edge.
Interfaces
The interfaces available for Aviatrix Secure Edge are listed below:
- Interface 1: WAN interface with a floating public IP address, used to connect to your on-premises sites.
- Interface 2: LAN interface, which can be connected to one or many technical VPN(s).
- Interface 3: WAN interface with a floating public IP address, used to connect to CoPilot networks and for management.
Each interface can be controlled by a security group.
Software device versions
Below are the software image versions available for Secure Edge on Orange Super POP.
- 7.0-2023-05-18
- 7.1-2023-04-24
Licence
Only the Bring Your Own Licence (BYOL) type is supported for Aviatrix Secure Edge. You need to purchase your software licence from Aviatrix sales.
Security group
For Aviatrix Secure Edge, the security groups are fixed for interfaces “1” and “2”. They are defined by Orange and cannot be changed:
- Linked to interface 1: one fixed security group accepts only IPsec packets, allowing ingress UDP packets on ports 500 and 4500.
- Linked to interface 3: one fixed security group accepts port 53 (ingress UDP packets for DNS), ports 5000 and 31283 (ingress UDP packets), and port 443 (ingress TCP packets for HTTPS).
To increase security, another generic security group can be created and linked to the interfaces.
Ports 5000 and 31283 need to be allowed for NetFlow communication with Aviatrix CoPilot.